From a6c9e26db7592e8ed9d58bb5d1c6a70d280764d5 Mon Sep 17 00:00:00 2001 From: Shia Date: Mon, 10 Feb 2025 20:38:32 +0900 Subject: [PATCH 1/3] cp {en,ja}/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md --- .../2025-02-11-dos-net-imap-cve-2025-25186.md | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 ja/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md diff --git a/ja/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md b/ja/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md new file mode 100644 index 0000000000..66b0d9a4fa --- /dev/null +++ b/ja/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md @@ -0,0 +1,29 @@ +--- +layout: news_post +title: "CVE-2025-25186: DoS vulnerability in net-imap" +author: "nevans" +translator: +date: 2025-02-11 03:00:00 +0000 +tags: security +lang: en +--- + +There is a possibility for DoS by in the net-imap gem. This vulnerability has been assigned the CVE identifier [CVE-2025-25186](https://www.cve.org/CVERecord?id=CVE-2025-25186). We recommend upgrading the net-imap gem. + +## Details + +A malicious server can send highly compressed uid-set data which is automatically read by the client's receiver thread. The response parser uses Range#to_a to convert the uid-set data into arrays of integers, with no limitation on the expanded size of the ranges. + +Please update net-imap gem to version 0.3.8, 0.4.19, 0.5.6, or later. + +## Affected versions + +* net-imap gem between 0.3.2 and 0.3.8, 0.4.0 and 0.4.19, or 0.5.0 and 0.5.6 + +## Credits + +Thanks to [manun](https://hackerone.com/manun) for discovering this issue. + +## History + +* Originally published at 2025-02-11 03:00:00 (UTC) From c8850f9eece3673982610613f46349d4db5f35ac Mon Sep 17 00:00:00 2001 From: Shia Date: Mon, 10 Feb 2025 20:44:04 +0900 Subject: [PATCH 2/3] Translate "CVE-2025-25186" (ja) --- .../2025-02-11-dos-net-imap-cve-2025-25186.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) 
diff --git a/ja/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md b/ja/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md index 66b0d9a4fa..fa0657bc49 100644 --- a/ja/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md +++ b/ja/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md @@ -1,29 +1,29 @@ --- layout: news_post -title: "CVE-2025-25186: DoS vulnerability in net-imap" +title: "CVE-2025-25186: net-imap gem の DoS の脆弱性" author: "nevans" -translator: +translator: "shia" date: 2025-02-11 03:00:00 +0000 tags: security -lang: en +lang: ja --- -There is a possibility for DoS by in the net-imap gem. This vulnerability has been assigned the CVE identifier [CVE-2025-25186](https://www.cve.org/CVERecord?id=CVE-2025-25186). We recommend upgrading the net-imap gem. +net-imap gem に DoS の脆弱性が発見されました。この脆弱性は [CVE-2025-25186](https://www.cve.org/CVERecord?id=CVE-2025-25186) として登録されています。net-imap gem のアップグレードを推奨します。 -## Details +## 詳細 -A malicious server can send highly compressed uid-set data which is automatically read by the client's receiver thread. The response parser uses Range#to_a to convert the uid-set data into arrays of integers, with no limitation on the expanded size of the ranges. +悪意のあるサーバーはクライアントの受信スレッドによって自動的に読み取られる高度に圧縮された uid-set データを送信することができます。応答パーサーは、uid-set データを整数の配列に変換するために Range#to_a を使用しますが、範囲の展開サイズに制限がありません。 -Please update net-imap gem to version 0.3.8, 0.4.19, 0.5.6, or later. +net-imap gem を 0.3.8、0.4.19、0.5.6 またはそれ以降にアップデートしてください。 -## Affected versions +## 影響を受けるバージョン -* net-imap gem between 0.3.2 and 0.3.8, 0.4.0 and 0.4.19, or 0.5.0 and 0.5.6 +* net-imap gem 0.3.2 から 0.3.8 まで、0.4.0 から 0.4.19 まで、または 0.5.0 から 0.5.6 まで -## Credits +## クレジット -Thanks to [manun](https://hackerone.com/manun) for discovering this issue. +* この脆弱性情報は、[manun](https://hackerone.com/manun) 氏によって報告されました。 -## History +## 更新履歴 -* Originally published at 2025-02-11 03:00:00 (UTC) +* 2025-02-11 12:00:00 (JST) 初版 
From 9225a601d404e9fb4c50bebfc511f604736b499d Mon Sep 17 00:00:00 2001 From: Shia Date: Tue, 11 Feb 2025 07:01:57 +0900 Subject: [PATCH 3/3] Update ja/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md Co-authored-by: Juanito Fatas --- ja/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ja/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md b/ja/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md index fa0657bc49..d25570b8bc 100644 --- a/ja/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md +++ b/ja/news/_posts/2025-02-11-dos-net-imap-cve-2025-25186.md @@ -18,7 +18,7 @@ net-imap gem を 0.3.8、0.4.19、0.5.6 またはそれ以降にアップデー ## 影響を受けるバージョン -* net-imap gem 0.3.2 から 0.3.8 まで、0.4.0 から 0.4.19 まで、または 0.5.0 から 0.5.6 まで +* net-imap gem 0.3.2 から 0.3.7 まで、0.4.0 から 0.4.18 まで、または 0.5.0 から 0.5.5 まで ## クレジット
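Review bot: In PATCH 1/3, the "Affected versions" bullet of the new file gives 0.3.8, 0.4.19 and 0.5.6 as the upper ends of the affected ranges, but the "Please update net-imap gem to version 0.3.8, 0.4.19, 0.5.6, or later" line in the Details section names those same versions as the upgrade targets. As written, the bullet reads as if the fixed releases were still affected. Either end each range one release earlier or word the bounds as exclusive ("before 0.3.8"). The opening sentence also has a stray word: "a possibility for DoS by in the net-imap gem". The subject line says this file is a copy of the en post, so both points would apply to the file it was copied from as well.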
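Review bot: In PATCH 2/3, the クレジット (Credits) section turns the source's plain sentence into a list item (`* この脆弱性情報は、[manun](https://hackerone.com/manun) 氏によって報告されました。`), while every other section keeps the structure of the English text it replaces. If the bullet is the convention for ja posts, it is fine as is; otherwise drop the leading `* ` so the translation stays structurally parallel to the source. The 更新履歴 (History) entry converts 03:00:00 (UTC) to 12:00:00 (JST), which is the same instant as the `date:` front matter, so no change is needed there.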
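Review bot: In PATCH 3/3, the 影響を受けるバージョン (Affected versions) bullet now ends the ranges at 0.3.7, 0.4.18 and 0.5.5, which leaves the ja post disagreeing with the English wording added in PATCH 1/3 ("between 0.3.2 and 0.3.8, 0.4.0 and 0.4.19, or 0.5.0 and 0.5.6"). The new bounds are consistent with the unchanged context line telling readers to update to 0.3.8, 0.4.19, 0.5.6 or later, so the same correction should be made to the en text rather than only to the translation. The subject is the generic "Update ja/news/_posts/..." and does not say what changed; a subject that mentions the affected-version upper bounds would make the reason for the divergence visible in the history.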